Bump the ruby-deps group with 20 updates #1285

dependabot · 2026-02-01T07:55:43Z

Bumps the ruby-deps group with 20 updates:

Package	From	To
aws-sdk-s3	`1.209.0`	`1.213.0`
listen	`3.9.0`	`3.10.0`
html-proofer	`5.1.1`	`5.2.0`
activesupport	`8.1.1`	`8.1.2`
async	`2.35.1`	`2.36.0`
aws-partitions	`1.1200.0`	`1.1211.0`
aws-sdk-core	`3.240.0`	`3.241.4`
aws-sdk-kms	`1.118.0`	`1.121.0`
bigdecimal	`3.3.1`	`4.0.1`
google-protobuf	`4.33.2`	`4.33.4`
haml	`7.1.0`	`7.2.0`
kramdown	`2.5.1`	`2.5.2`
mime-types-data	`3.2025.0924`	`3.2026.0127`
prism	`1.7.0`	`1.9.0`
public_suffix	`7.0.1`	`7.0.2`
sass-embedded	`1.97.1`	`1.97.3`
thor	`1.4.0`	`1.5.0`
tilt	`2.6.1`	`2.7.0`
ttfunk	`1.8.0`	`1.7.0`
typhoeus	`1.4.1`	`1.5.0`

Updates aws-sdk-s3 from 1.209.0 to 1.213.0

Changelog

Sourced from aws-sdk-s3's changelog.

1.213.0 (2026-01-28)

Feature - Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets.

1.212.0 (2026-01-16)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.211.0 (2026-01-08)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

Issue - Falls back to header request checksums when using custom endpoints or endpoint providers for PutObject and UploadPart operations.

1.210.1 (2026-01-06)

Issue - Normalize response encoding to UTF-8 for proper XML error parsing in HTTP 200 responses.

1.210.0 (2026-01-05)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

Feature - Added :http_chunk_size parameter to TransferManager#upload_file to control the buffer size when streaming request bodies over HTTP. Larger chunk sizes may improve network throughput at the cost of higher memory usage (Ruby MRI only).

Feature - Improved memory efficiency when calculating request checksums for large file uploads (Ruby MRI only).

Commits

See full diff in compare view

Updates listen from 3.9.0 to 3.10.0

Release notes

Sourced from listen's releases.

v3.10.0

What's Changed

Rubocop workflow with GitHub actions by @AlexB52 in guard/listen#573

Fix the Rubocop offence by @y-yagi in guard/listen#588

Add logger gem as a runtime dependency by @y-yagi in guard/listen#587

Remove conditions from gem declarations in Gemfile by @larskanis in guard/listen#584

CI against Ruby 3.4 by @y-yagi in guard/listen#590

Remove link to Travis CI by @y-yagi in guard/listen#593

Use Naming/PredicatePrefix instead of deprecated Naming/PredicateName cop by @y-yagi in guard/listen#592

Remove unused require by @y-yagi in guard/listen#594

Mention the relation with fs.inotify.max_user_watches and the memory allocation by @y-yagi in guard/listen#595

CI against Ruby 4.0 by @y-yagi in guard/listen#596

New Contributors

@AlexB52 made their first contribution in guard/listen#573

@larskanis made their first contribution in guard/listen#584

Full Changelog: guard/listen@v3.9.0...v3.10.0

Commits

2fa1a74 Bump VERSION to 3.10.0
7c6d39e Merge pull request #596 from y-yagi/ci_against_ruby40
62255c0 CI against Ruby 4.0
43cb09c Merge pull request #595 from y-yagi/mention_memory_allocation_about_max_user_...
030aff8 Merge pull request #594 from y-yagi/remove_unused_require
4317b21 Mention the relation with fs.inotify.max_user_watches and the memory alloc...
5883c5e Remove unused require
cde3720 Merge pull request #592 from y-yagi/fix_rubocop
8e93885 Merge pull request #593 from y-yagi/remove_link_to_travis
2f07a81 Remove link to Travis CI
Additional commits viewable in compare view

Updates html-proofer from 5.1.1 to 5.2.0

Release notes

Sourced from html-proofer's releases.

v5.2.0

What's Changed

[skip test] Release v5.1.1 by @github-actions[bot] in gjtorikian/html-proofer#862

Bump actions/checkout from 5 to 6 by @dependabot[bot] in gjtorikian/html-proofer#863

Add JSON argument examples by @asbjornu in gjtorikian/html-proofer#864

CI/CD caching requires HTMLProofer caching by @asbjornu in gjtorikian/html-proofer#865

Simplify README by @gjtorikian in gjtorikian/html-proofer#869

Bump the bundler-dependencies group with 2 updates by @dependabot[bot] in gjtorikian/html-proofer#871

Allows access to the full Nokogiri node and all element attributes when processing failures by @gjtorikian in gjtorikian/html-proofer#870

Full Changelog: gjtorikian/html-proofer@v5.1.1...v5.2.0

Changelog

Sourced from html-proofer's changelog.

[v5.2.0] - 07-01-2026

What's Changed

[skip test] Release v5.1.1 by @github-actions[bot] in gjtorikian/html-proofer#862

Bump actions/checkout from 5 to 6 by @dependabot[bot] in gjtorikian/html-proofer#863

Add JSON argument examples by @asbjornu in gjtorikian/html-proofer#864

CI/CD caching requires HTMLProofer caching by @asbjornu in gjtorikian/html-proofer#865

Simplify README by @gjtorikian in gjtorikian/html-proofer#869

Bump the bundler-dependencies group with 2 updates by @dependabot[bot] in gjtorikian/html-proofer#871

Allows access to the full Nokogiri node and all element attributes when processing failures by @gjtorikian in gjtorikian/html-proofer#870

Full Changelog: gjtorikian/html-proofer@v5.1.1...v5.2.0

Commits

df89ea2 Merge pull request #870 from gjtorikian/more-failure-element-info
9b0f5ae hide unnecessary warning
0583124 💎 bump to 5.2.0
06391d1 Merge branch 'main' into more-failure-element-info
2bb1b7e update vcr
eb37c24 [auto-lint]: Lint files
53a1ac7 work around new 429 error
cd974d0 Merge pull request #871 from gjtorikian/dependabot/bundler/bundler-dependenci...
25501a6 Bump the bundler-dependencies group with 2 updates
a2eceaa Update workflows
Additional commits viewable in compare view

Updates activesupport from 8.1.1 to 8.1.2

Release notes

Sourced from activesupport's releases.

8.1.2

Active Support
Make delegate and delegate_missing_to work in BasicObject subclasses.

Rafael Mendonça França

Fix Inflectors when using a locale that fallbacks to :en.

Said Kaldybaev

Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

Previously the returned string would sometime be encoded in US-ASCII, which in some cases may be problematic.

Now the method consistently always return UTF-8 strings.

Jean Boussier

Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

Previously it would return an invalid time.

Dmytro Rymar

Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

Mikey Gough
Fix ActiveSupport::Inflector.humanize with international characters.
ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"
Jose Luis Duran
Active Model

No changes.

Active Record

Fix counting cached queries in ActiveRecord::RuntimeRegistry.

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 8.1.2 (January 08, 2026)
Make delegate and delegate_missing_to work in BasicObject subclasses.

Rafael Mendonça França

Fix Inflectors when using a locale that fallbacks to :en.

Said Kaldybaev

Fix ActiveSupport::TimeWithZone#as_json to consistently return UTF-8 strings.

Previously the returned string would sometime be encoded in US-ASCII, which in some cases may be problematic.

Now the method consistently always return UTF-8 strings.

Jean Boussier

Fix TimeWithZone#xmlschema when wrapping a DateTime instance in local time.

Previously it would return an invalid time.

Dmytro Rymar

Implement LocalCache strategy on ActiveSupport::Cache::MemoryStore. The memory store needs to respond to the same interface as other cache stores (e.g. ActiveSupport::NullStore).

Mikey Gough
Fix ActiveSupport::Inflector.humanize with international characters.
ActiveSupport::Inflector.humanize("áÉÍÓÚ")  # => "Áéíóú"
ActiveSupport::Inflector.humanize("аБВГДЕ") # => "Абвгде"
Jose Luis Duran

Commits

d7c8ae6 Preparing for 8.1.2 release
3ea2701 CHANGELOG sync
0f8014a [8-1-stable] Minitest 6 support
991ccf3 Merge pull request #56393 from rails/add-exclude-keys-to-live-controller
c86465f Merge pull request #56353 from rails/rmf-delegation-basic-object
fce726b Merge pull request #56344 from Saidbek/fix-inflections-fallback-to-en-locale
efd9bd9 Merge pull request #56324 from jeremyevans/activesupport-uri-require
81dca9c Merge pull request #56285 from markokajzer/main
a5c1af3 Merge pull request #56294 from fatkodima/fix-mem_cache_store-newer-connection...
923f8e9 Merge pull request #56292 from fatkodima/fix-redis_cache_store-newer-connecti...
Additional commits viewable in compare view

Updates async from 2.35.1 to 2.36.0

Changelog

Sourced from async's changelog.

v2.36.0

Introduce Task#wait_all which recursively waits for all children and self, excepting the current task.

Introduce Task#join as an alias for Task#wait for compatibility with Thread#join and similar interfaces.

v2.35.3

Async::Clock now implements #as_json and #to_json for nicer log formatting.

v2.35.2

Improved handling of Process.fork on Ruby 4+.

Improve @promise state handling in Task#initialize, preventing incomplete instances being visible to the scheduler.

Commits

400bc2e Bump minor version.
b3108a4 Introduce Task#join alias.
1f519fb Introduce Task.wait_all. (#441)
1819433 Better class Task documentation.
6aed0d2 Bump patch version.
763a990 Add Clock#as_json and Clock#to_json.
71cd4e0 Bump patch version.
da9055f Fix state handling, possibly fixes #439.
b3561cc RuboCop.
c5ee45f Improve handling of Process.fork on Ruby 4+.
See full diff in compare view

Updates aws-partitions from 1.1200.0 to 1.1211.0

Changelog

Sourced from aws-partitions's changelog.

1.1211.0 (2026-01-30)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1210.0 (2026-01-27)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1209.0 (2026-01-22)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1208.0 (2026-01-21)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1207.0 (2026-01-20)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1206.0 (2026-01-16)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1205.0 (2026-01-15)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1204.0 (2026-01-14)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1203.0 (2026-01-12)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

1.1202.0 (2026-01-09)

Feature - Updated the partitions source data the determines the AWS service regions and endpoints.

... (truncated)

Commits

See full diff in compare view

Updates aws-sdk-core from 3.240.0 to 3.241.4

Changelog

Sourced from aws-sdk-core's changelog.

3.241.4 (2026-01-16)

Issue - Rewind IO during initialization for AwsChunkedTrailerDigestIO.

3.241.3 (2026-01-08)

Issue - Disable request trailer checksums when using non-HTTPs endpoints.

3.241.2 (2026-01-07)

Issue - Preserve existing Content-Encoding when applying request trailer checksum.

3.241.1 (2026-01-06)

Issue - Fix memory leak in ClockSkew retry plugin by normalizing endpoints to prevent unlimited hash growth.

3.241.0 (2026-01-05)

Feature - Improved memory efficiency when calculating request checksums.

Commits

See full diff in compare view

Updates aws-sdk-kms from 1.118.0 to 1.121.0

Changelog

Sourced from aws-sdk-kms's changelog.

1.121.0 (2026-01-16)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.120.0 (2026-01-08)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

1.119.0 (2026-01-05)

Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

Commits

See full diff in compare view

Updates bigdecimal from 3.3.1 to 4.0.1

Release notes

Sourced from bigdecimal's releases.

v4.0.1

What's Changed

Exclude dependabot updates from release note by @hsbt in ruby/bigdecimal#474

Remove unused variable (and add test for it) by @tompng in ruby/bigdecimal#475

Remove "Which version should you select" section by @tompng in ruby/bigdecimal#476

Bump version to v4.0.1 by @tompng in ruby/bigdecimal#477

Full Changelog: ruby/bigdecimal@v4.0.0...v4.0.1

v4.0.0

What's Changed

Fix x**y, x.power(y, 0) and x.sqrt(0) calculates huge digits if precision limit is huge by @tompng in ruby/bigdecimal#445

Implement major math functions by @tompng in ruby/bigdecimal#336

Fix fast-path of frac and _decimal_shift affected by BigDecimal.limit by @tompng in ruby/bigdecimal#447

Update the latest versions of actions by @hsbt in ruby/bigdecimal#449

Add missing bigmath precision test, add missing indent by @tompng in ruby/bigdecimal#450

Make BigMath.exp and log also a module_method by @tompng in ruby/bigdecimal#452

Fix incorrect exception when exponent is fractional for Infinity base by @troy-dunamu in ruby/bigdecimal#453

Bump step-security/harden-runner from 2.13.1 to 2.13.2 by @dependabot[bot] in ruby/bigdecimal#454

Don't use assert_separatly if not needed by @tompng in ruby/bigdecimal#455

Bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in ruby/bigdecimal#456

Bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in ruby/bigdecimal#457

Add missing BigMath test for jruby by @tompng in ruby/bigdecimal#459

Change remainder/modulo/divmod test of +0/-0 type tolerant by @tompng in ruby/bigdecimal#460

Cast divmod quotient to int by @mrzasa in ruby/bigdecimal#312

Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in ruby/bigdecimal#462

Bump step-security/harden-runner from 2.13.2 to 2.13.3 by @dependabot[bot] in ruby/bigdecimal#461

Implement BigMath.erf(x, prec) and BigMath.erfc(x, prec) by @tompng in ruby/bigdecimal#357

Implement BigMath.gamma and BigMath.lgamma by @tompng in ruby/bigdecimal#451

Fix typos + improve copy/paste in readme by @tas50 in ruby/bigdecimal#463

Fix inaccurate calculation (last digit) and add a workaround for add/sub hang bug by @tompng in ruby/bigdecimal#465

Fix lgamma precision around 1 and 2 by @tompng in ruby/bigdecimal#466

Fix lgamma precision when gamma(negative_x).abs nearly equals 1 by @tompng in ruby/bigdecimal#467

Implement BigMath.frexp and ldexp with exponent of 10 by @tompng in ruby/bigdecimal#448

Bump step-security/harden-runner from 2.13.3 to 2.14.0 by @dependabot[bot] in ruby/bigdecimal#468

Better rounding of BigMath.atan(nearly_one, prec) by @tompng in ruby/bigdecimal#469

Remove deprecated method BigDecimal#precs by @tompng in ruby/bigdecimal#470

Deprecate ludcmp, jacobian and newton by @tompng in ruby/bigdecimal#471

Bump version to v4.0.0 by @tompng in ruby/bigdecimal#472

New Contributors

@troy-dunamu made their first contribution in ruby/bigdecimal#453

@tas50 made their first contribution in ruby/bigdecimal#463

Full Changelog: ruby/bigdecimal@v3.3.1...v4.0.0

Changelog

Sourced from bigdecimal's changelog.

4.0.1

Fix warning GH-475

@tompng

4.0.0

BigDecimal#divmod return value changed to [Integer, BigDecimal] GH-312

@mrzasa

Remove BigDecimal#precs GH-470

@tompng

BigMath now supports all functions defined in Math module GH-336 GH-357 GH-451 GH-448

@tompng

Fix incorrect exception when exponent is fractional for Infinity base GH-453

@troy-dunamu

Deprecate bigdecimal/jacobian, bigdecimal/ludcmp and bigdecimal/newton GH-471

@tompng

Commits

6d01c36 Bump version to v4.0.1 (#477)
4914cc3 Remove "Which version should you select" section (#476)
4120325 Remove unused variable (and add test for it) (#475)
f0bf63f Merge pull request #474 from ruby/exclude-dependabot-update
d93ef2b Exclude dependabot updates from release note
d9914c9 Bump version to v4.0.0 (#472)
45d203a Deprecate ludcmp, jacobian and newton (#471)
8146336 Remove deprecated method BigDecimal#precs (#470)
b7e93bf Better rounding of BigMath.atan(nearly_one, prec) (#469)
cef76eb Merge pull request #468 from ruby/dependabot/github_actions/step-security/har...
Additional commits viewable in compare view

Updates google-protobuf from 4.33.2 to 4.33.4

Commits

See full diff in compare view

Updates haml from 7.1.0 to 7.2.0

Release notes

Sourced from haml's releases.

v7.2.0

What's Changed

Do not require rails when haml is required by @jeremyevans in haml/haml#1201

Point changelog_uri to github releases by @jaredmoody in haml/haml#1202

New Contributors

@jaredmoody made their first contribution in haml/haml#1202

Full Changelog: haml/haml@v7.1.0...v7.2.0

Changelog

Sourced from haml's changelog.

7.2.0

Do not require rails when haml is required haml/haml#1201

Point changelog_uri to GitHub Releases haml/haml#1202

Commits

97a4865 Version 7.2.0
220624c Point changelog_uri to github releases (#1202)
8c0d0b5 Do not require rails when haml is required (#1201)
See full diff in compare view

Updates kramdown from 2.5.1 to 2.5.2

Commits

See full diff in compare view

Updates mime-types-data from 3.2025.0924 to 3.2026.0127

Changelog

Sourced from mime-types-data's changelog.

3.2026.0127 / 2026-01-27

Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.

3.2026.0120 / 2026-01-20

Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.

3.2026.0113 / 2026-01-13

Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.

3.2026.0106 / 2026-01-06

Updated registry entries from the IANA [media registry][registry] and [provisional media registry][provisional] and the [Apache Tika media registry][tika] as of the release date.

Manual contributions now require Signed-off-by trailers for assertion of the [Developer Certificate of Origin][dco]. More details will be added in the coming weeks.

Added application/microdata+json, application/speculationrules+json, text/event-stream and text/ping from the [WHATWG HTML spec][whatwg]

Commits

b523ad4 Update mime-types-data 3.2026.0127 / 2026-01-27
2f6bac0 Update mime-types-data 3.2026.0120 / 2026-01-20
bb5741a Update mime-types-data 3.2026.0113 / 2026-01-13
cd04bb5 fix: Fix release workflow
2fcf0c3 Update mime-types-data 3.2026.0106 / 2026-01-06
27a1e8d chore: Update workflows
3388bd6 types: Add WHATWG HTML Spec Types
1bf930a deps: Bump the actions group across 1 directory with 2 updates
87a99e0 deps: Bump actions/checkout from 5.0.0 to 6.0.0
2f07063 chore: Update workflows and suspport documentation
Additional commits viewable in compare view

Updates prism from 1.7.0 to 1.9.0

Release notes

Sourced from prism's releases.

v1.9.0

Added

Lots of work on the Ripper translation layer to make it more compatible and efficient.

Alias Prism::Node#breadth_first_search to Prism::Node#find.

Add Prism::Node#breadth_first_search_all/Prism::Node#find_all for finding all nodes matching a condition.

Changed

Fixed location of opening tokens when invalid syntax is parsed.

Fix RBI for parsing options.

v1.8.0

Added

Optimize ruby visitor.

Report unterminated construct errors at opening token.

Changed

Correctly expose ripper state.

Use one file for versioned parser classes.

Fix denominator of rational float literal.

Decouple ripper translator from ripper library.

Sync Prism::Translation::ParserCurrent with Ruby 4.0.

Changelog

Sourced from prism's changelog.

[1.9.0] - 2026-01-27

Added

Lots of work on the Ripper translation layer to make it more compatible and efficient.

Alias Prism::Node#breadth_first_search to Prism::Node#find.

Add Prism::Node#breadth_first_search_all/Prism::Node#find_all for finding all nodes matching a condition.

Changed

Fixed location of opening tokens when invalid syntax is parsed.

Fix RBI for parsing options.

[1.8.0] - 2026-01-12

Added

Optimize ruby visitor.

Report unterminated construct errors at opening token.

Changed

Correctly expose ripper state.

Use one file for versioned parser classes.

Fix denominator of rational float literal.

Decouple ripper translator from ripper library.

Sync Prism::Translation::ParserCurrent with Ruby 4.0.

Commits

c0e3781 Merge pull request #3879 from ruby/v190
e722e57 Bump to v1.9.0
0f57d62 Merge pull request #3878 from ruby/find-all
51df90e Add Prism::Node#find_all
20dc949 Merge pull request #3877 from ruby/byte-offset
7759acd Rename line_to_byte_offset -> byte_offset
93fdf21 Merge pull request #3875 from Earlopain/bump-bundler
89a4643 Merge pull request #3871 from Earlopain/lex-ripper-plain
94dafb2 Update bundler in the main gemfile
c774ec2 Merge pull request #3874 from Earlopain/rbi-options
Additional commits viewable in compare view

Updates public_suffix from 7.0.1 to 7.0.2

Changelog

Sourced from public_suffix's changelog.

7.0.2 - 2026-01-04

Changed

Excluded symlinks and unnecessary files from gem packaging. On Windows symlinks cannot be created without Administrator privileges or with developer mode enabled #496.

Commits

1e010a4 chore: Release 7.0.2
cdddbbc fix(build): Exclude symlink and unnecessary files
698b015 ci: Update rubocop config
See full diff in compare view

Updates sass-embedded from 1.97.1 to 1.97.3

Commits

28f7a79 v1.97.3
88136c8 Bump sass from 1.97.2 to 1.97.3 in /ext/sass (#367)
26f472c Avoid an extra mutex on platforms without fork support
3e6a3dd Remove freebsd linuxulator compatibility
cf7e1e0 Update rubocop-rspec requirement from ~> 3.8.0 to ~> 3.9.0 (#365)
08067f3 v1.97.2
17b1a66 Bump sass from 1.97.1 to 1.97.2 in /ext/sass (#364)
75e77eb Set NoHostAuthenticationForLocalhost=yes for localhost vm
f47a03e Use azure ubuntu mirror to speed up debootstrap on FreeBSD
6030a54 Test ruby 4.0 (#363)
See full diff in compare view

Updates thor from 1.4.0 to 1.5.0

Release notes

Sourced from thor's releases.

1.5.0

What's Changed

Add specs and linter documentation by @hlascelles in rails/thor#907

Add tree command by @hlascelles in rails/thor#906

feat: support insert_into_file erroring if the file is not changed, and add insert_into_file by @G-Rath in rails/thor#908

support THOR_MERGE values with arguments by @rafaelfranca in rails/thor#910

Hidden commands should not make an invocation ambiguous by @deivid-rodriguez in rails/thor#911

Set frozen_string_literal: true in colors.rb by @tenderlove in rails/thor#913

fix encoding error when running a merge tool by @moritzschepp in rails/thor#916

New Contributors

@tenderlove made their first contribution in rails/thor#913

@dependabot[bot] made their first contribution in rails/thor#912

@moritzschepp made their first contribution in rails/thor#916

Full Changelog: rails/thor@v1.4.0...v1.5.0

Commits

6a680f2 Prepare for 1.5.0
615b0c2 Merge pull request #919 from rails/rmf-ci
f16a2db Unlock bundler development dependency
7b99536 Test with Ruby 4.0
2a1eecb Merge pull request #918 from rails/dependabot/github_actions/actions/checkout-6
ed9ffca Merge pull request #916 from moritzschepp/ec-encoding
5b85a33 Bump actions/checkout from 5 to 6
2e2b684 fix encoding error when running a merge tool
b2d98fe Remove whatisthor.com references
17a3be9 Merge pull request #912 from rails/dependabot/github_actions/actions/checkout-5
Additional commits viewable in compare view

Updates tilt from 2.6.1 to 2.7.0

Changelog

Sourced from tilt's changelog.

2.7.0 (2026-01-09)

Support passing template-specific options to Tilt::Pipeline.new (LevitatingBusinessMan) (#24)

Remove deprecated creole template (jeremyevans)

Make the rendering of Prawn templates idempotent (rickenharp) (#20)

Commits

2b1189f Bump version to 2.7.0
ac414e7 Minor changes to Tile::Pipeline.new options support
df4b7e3 allow additional options to pipeline
f9193d5 Drop JRuby 9.4 from CI
712e75d Remove use of minitest mocks
d3aa2a0 Add Ruby 4.0 to CI
8454c9f Require URI in haml test to work around test failure on Ruby 4.0
e271cab Fix class name in coffeescript documentation
1bca970 Remove deprecated creole template
7e5263e Mention Tilt::StaticTemplate in README
Additional commits viewable in compare view

Updates ttfunk from 1.8.0 to 1.7.0

Changelog

Sourced from ttfunk's changelog.

[1.8.0][] - 2024-03-05

Fixed

Corrupted CFF index data

there was a subtle bug in cff index implementation that resulted in a data corruption. in certain circumstances some items didn't get properly encoded. this happened when items were not previously accessed.

this resulted, for instance, in missing glyphs. but only sometimes because indexes might've still contain data that shouldn't've been there. in combination with incorrect encoding (see further) this resulted in some glyphs still being rendered, sometimes even correctly.

along with the fix a rather large api change landed. this resulted in quite a big diff.

Alexander Mankuta

Incorrect CFF encoding in subsets

TTFunk used to reuse encoding from the original font. This mapping was incorrect for subset fonts which used not just a subset of glyphs but also a different encoding.

A separate issue was that some fonts have empty CFF encoding. This incorrect mapping resulted in encoding that mapped all codes to glyph 0.

This had impact on Prawn in particular. PDF spec explicitly says that CFF encoding is not to be used in OpenType fonts. cmap table should directly index charstrings in the CFF table. Despite this PDF renderers still use CFF encoding to retrieve glyphs. So TTFunk has to discard the original CFF encoding and supply its own.

Alexander Mankuta

maxp table

The table is now correctly parsed and encoded for both TrueType and CFF-based OpenType fonts.

Cameron Dutro, Alexander Mankuta

Files are closed sooner

Files were garbage collected but could stay open for longer than necessary.

Jon Burgess

... (truncated)

Commits

9082af1 1.7.0
8b12b8b Update Changelog
1a17711 Update CI workflow
45a9f1e Use prawn-dev
7db8400 Allow gem installation on ruby 3.0
d7ad1f1 Fix linting
c532474 Allow TTC files to be read from IO object
8ccf63e 1.6.2.1
<...
Description has been truncated

Bumps the ruby-deps group with 20 updates: | Package | From | To | | --- | --- | --- | | [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) | `1.209.0` | `1.213.0` | | [listen](https://github.com/guard/listen) | `3.9.0` | `3.10.0` | | [html-proofer](https://github.com/gjtorikian/html-proofer) | `5.1.1` | `5.2.0` | | [activesupport](https://github.com/rails/rails) | `8.1.1` | `8.1.2` | | [async](https://github.com/socketry/async) | `2.35.1` | `2.36.0` | | [aws-partitions](https://github.com/aws/aws-sdk-ruby) | `1.1200.0` | `1.1211.0` | | [aws-sdk-core](https://github.com/aws/aws-sdk-ruby) | `3.240.0` | `3.241.4` | | [aws-sdk-kms](https://github.com/aws/aws-sdk-ruby) | `1.118.0` | `1.121.0` | | [bigdecimal](https://github.com/ruby/bigdecimal) | `3.3.1` | `4.0.1` | | [google-protobuf](https://github.com/protocolbuffers/protobuf) | `4.33.2` | `4.33.4` | | [haml](https://github.com/haml/haml) | `7.1.0` | `7.2.0` | | [kramdown](https://github.com/gettalong/kramdown) | `2.5.1` | `2.5.2` | | [mime-types-data](https://github.com/mime-types/mime-types-data) | `3.2025.0924` | `3.2026.0127` | | [prism](https://github.com/ruby/prism) | `1.7.0` | `1.9.0` | | [public_suffix](https://github.com/weppos/publicsuffix-ruby) | `7.0.1` | `7.0.2` | | [sass-embedded](https://github.com/sass-contrib/sass-embedded-host-ruby) | `1.97.1` | `1.97.3` | | [thor](https://github.com/rails/thor) | `1.4.0` | `1.5.0` | | [tilt](https://github.com/jeremyevans/tilt) | `2.6.1` | `2.7.0` | | [ttfunk](https://github.com/prawnpdf/ttfunk) | `1.8.0` | `1.7.0` | | [typhoeus](https://github.com/typhoeus/typhoeus) | `1.4.1` | `1.5.0` | Updates `aws-sdk-s3` from 1.209.0 to 1.213.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `listen` from 3.9.0 to 3.10.0 - [Release notes](https://github.com/guard/listen/releases) - [Commits](guard/listen@v3.9.0...v3.10.0) Updates `html-proofer` from 5.1.1 to 5.2.0 - [Release notes](https://github.com/gjtorikian/html-proofer/releases) - [Changelog](https://github.com/gjtorikian/html-proofer/blob/main/CHANGELOG.md) - [Commits](gjtorikian/html-proofer@v5.1.1...v5.2.0) Updates `activesupport` from 8.1.1 to 8.1.2 - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v8.1.2/activesupport/CHANGELOG.md) - [Commits](rails/rails@v8.1.1...v8.1.2) Updates `async` from 2.35.1 to 2.36.0 - [Release notes](https://github.com/socketry/async/releases) - [Changelog](https://github.com/socketry/async/blob/main/releases.md) - [Commits](socketry/async@v2.35.1...v2.36.0) Updates `aws-partitions` from 1.1200.0 to 1.1211.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-partitions/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `aws-sdk-core` from 3.240.0 to 3.241.4 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-core/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `aws-sdk-kms` from 1.118.0 to 1.121.0 - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-kms/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) Updates `bigdecimal` from 3.3.1 to 4.0.1 - [Release notes](https://github.com/ruby/bigdecimal/releases) - [Changelog](https://github.com/ruby/bigdecimal/blob/master/CHANGES.md) - [Commits](ruby/bigdecimal@v3.3.1...v4.0.1) Updates `google-protobuf` from 4.33.2 to 4.33.4 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Commits](https://github.com/protocolbuffers/protobuf/commits) Updates `haml` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/haml/haml/releases) - [Changelog](https://github.com/haml/haml/blob/main/CHANGELOG.md) - [Commits](haml/haml@v7.1.0...v7.2.0) Updates `kramdown` from 2.5.1 to 2.5.2 - [Release notes](https://github.com/gettalong/kramdown/releases) - [Changelog](https://github.com/gettalong/kramdown/blob/master/doc/news.page) - [Commits](https://github.com/gettalong/kramdown/commits) Updates `mime-types-data` from 3.2025.0924 to 3.2026.0127 - [Changelog](https://github.com/mime-types/mime-types-data/blob/main/CHANGELOG.md) - [Commits](mime-types/mime-types-data@v3.2025.0924...v3.2026.0127) Updates `prism` from 1.7.0 to 1.9.0 - [Release notes](https://github.com/ruby/prism/releases) - [Changelog](https://github.com/ruby/prism/blob/main/CHANGELOG.md) - [Commits](ruby/prism@v1.7.0...v1.9.0) Updates `public_suffix` from 7.0.1 to 7.0.2 - [Changelog](https://github.com/weppos/publicsuffix-ruby/blob/main/CHANGELOG.md) - [Commits](weppos/publicsuffix-ruby@v7.0.1...v7.0.2) Updates `sass-embedded` from 1.97.1 to 1.97.3 - [Commits](sass-contrib/sass-embedded-host-ruby@v1.97.1...v1.97.3) Updates `thor` from 1.4.0 to 1.5.0 - [Release notes](https://github.com/rails/thor/releases) - [Commits](rails/thor@v1.4.0...v1.5.0) Updates `tilt` from 2.6.1 to 2.7.0 - [Changelog](https://github.com/jeremyevans/tilt/blob/master/CHANGELOG.md) - [Commits](jeremyevans/tilt@v2.6.1...v2.7.0) Updates `ttfunk` from 1.8.0 to 1.7.0 - [Release notes](https://github.com/prawnpdf/ttfunk/releases) - [Changelog](https://github.com/prawnpdf/ttfunk/blob/master/CHANGELOG.md) - [Commits](prawnpdf/ttfunk@1.8.0...1.7.0) Updates `typhoeus` from 1.4.1 to 1.5.0 - [Changelog](https://github.com/typhoeus/typhoeus/blob/master/CHANGELOG.md) - [Commits](typhoeus/typhoeus@v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-version: 1.213.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: listen dependency-version: 3.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: html-proofer dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: activesupport dependency-version: 8.1.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: async dependency-version: 2.36.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: aws-partitions dependency-version: 1.1211.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: aws-sdk-core dependency-version: 3.241.4 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: aws-sdk-kms dependency-version: 1.121.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: bigdecimal dependency-version: 4.0.1 dependency-type: indirect update-type: version-update:semver-major dependency-group: ruby-deps - dependency-name: google-protobuf dependency-version: 4.33.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: haml dependency-version: 7.2.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: kramdown dependency-version: 2.5.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: mime-types-data dependency-version: 3.2026.0127 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: prism dependency-version: 1.9.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: public_suffix dependency-version: 7.0.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: sass-embedded dependency-version: 1.97.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: ruby-deps - dependency-name: thor dependency-version: 1.5.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: tilt dependency-version: 2.7.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: ttfunk dependency-version: 1.7.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps - dependency-name: typhoeus dependency-version: 1.5.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: ruby-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Feb 1, 2026

chadlwilson merged commit 5ce0960 into master Feb 1, 2026
1 check passed

dependabot bot deleted the dependabot/bundler/ruby-deps-5f3bcbcdce branch February 1, 2026 10:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the ruby-deps group with 20 updates #1285

Bump the ruby-deps group with 20 updates #1285

Uh oh!

dependabot bot commented on behalf of github Feb 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the ruby-deps group with 20 updates #1285

Bump the ruby-deps group with 20 updates #1285

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 1, 2026

1.213.0 (2026-01-28)

1.212.0 (2026-01-16)

1.211.0 (2026-01-08)

1.210.1 (2026-01-06)

1.210.0 (2026-01-05)

v3.10.0

What's Changed

New Contributors

v5.2.0

What's Changed

[v5.2.0] - 07-01-2026

What's Changed

8.1.2

Active Support

Active Model

Active Record

Rails 8.1.2 (January 08, 2026)

v2.36.0

v2.35.3

v2.35.2

1.1211.0 (2026-01-30)

1.1210.0 (2026-01-27)

1.1209.0 (2026-01-22)

1.1208.0 (2026-01-21)

1.1207.0 (2026-01-20)

1.1206.0 (2026-01-16)

1.1205.0 (2026-01-15)

1.1204.0 (2026-01-14)

1.1203.0 (2026-01-12)

1.1202.0 (2026-01-09)

3.241.4 (2026-01-16)

3.241.3 (2026-01-08)

3.241.2 (2026-01-07)

3.241.1 (2026-01-06)

3.241.0 (2026-01-05)

1.121.0 (2026-01-16)

1.120.0 (2026-01-08)

1.119.0 (2026-01-05)

v4.0.1

What's Changed

v4.0.0

What's Changed

New Contributors

4.0.1

4.0.0

v7.2.0

What's Changed

New Contributors

7.2.0

3.2026.0127 / 2026-01-27

3.2026.0120 / 2026-01-20

3.2026.0113 / 2026-01-13

3.2026.0106 / 2026-01-06

v1.9.0

Added

Changed

v1.8.0

Added

Changed

[1.9.0] - 2026-01-27

Added

Changed

[1.8.0] - 2026-01-12

Added

Changed

7.0.2 - 2026-01-04

Changed

1.5.0

What's Changed

New Contributors

2.7.0 (2026-01-09)

[1.8.0][] - 2024-03-05

Fixed

Uh oh!

Uh oh!